Once status reaches Processed, retrieve full compliance analysis results. Endpoint: GET /v1/documents/{documentId}/result (Company Key) 
Partner ──GET /v1/documents/{documentId}/result──> API
         <── 200 OK { documentId, fileName, status, complianceItems[], processedAt }

Partner ingests results:
  ──> Store scores, gaps, recommendations
  ──> Generate client-facing reports
  ──> Trigger remediation workflows
Response (200): 
{
  "documentId": "01HXYZ...",
  "fileName": "policy.pdf",
  "status": "Processed",
  "complianceItems": [
    {
      "id": "01HXYZ...",
      "controlItemId": "01HXYZ...",
      "controlItemName": "Access Control Policy",
      "controlClusterId": "01HXYZ...",
      "controlClusterName": "Access Management",
      "controlItemObjective": "Ensure proper access controls...",
      "status": "Processed",
      "result": {
        "score": 85,
        "explanation": "The document demonstrates strong access control...",
        "strength": "Clear definition of access roles and responsibilities",
        "gaps": [
          {
            "topic": "Periodic Review",
            "description": "No mention of periodic access review cycles"
          }
        ],
        "recommendations": [
          {
            "gapIdentified": "Periodic Review",
            "actionableRecommendation": "Add quarterly access review process",
            "suggestedTextLocation": "Section 4.2",
            "suggestedTextToBeAdded": "Access rights shall be reviewed quarterly..."
          }
        ]
      }
    }
  ],
  "processedAt": "2026-02-11T10:15:00Z"
}
Scoring thresholds:
Score RangeClassification
70–100Passed
50–69Warning
0–49Failed
Key behaviors:
  • Results only populated when status = Processed — items still processing have result: null
  • Individual compliance items can have status ProcessedWithError if analysis failed for that control
  • Response is idempotent — calling multiple times returns the same results